Exploits / Vulnerability Discovered : 2019-11-14
Type : webapps
Platform : php
This exploit / vulnerability, Xfilesharing 2.5.1 arbitrary file upload, is for educational purposes only; if you use it, you do so at your own risk!
####################
Local File Inclusion
####################
http://xyz.com/?op=page&tmpl=../../admin_settings
This URL fetches the "admin_settings.html" template without any authentication. The ".html" extension is hard-coded on the server, so the included file must have an .html extension, but it can be located anywhere on the server. You can even combine the LFI with the Arbitrary File Upload vulnerability by uploading an HTML file, i.e. "upload.html", and changing the "sid" to "../../../../../../tmp", so that the file gets uploaded to the tmp directory of the server. Now you can include the file like the following.
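Added example (not part of the original advisory or the product's code): a log-review sketch that flags requests whose "tmpl" or "sid" parameter carries a directory traversal sequence, the pattern both issues above depend on. The log lines are constructed, and the "/upload" path and the presence of "sid" in the query string are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters the advisory names as path inputs: "tmpl" (template include)
# and "sid" (upload directory component).
WATCHED_PARAMS = {"tmpl", "sid"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_traversal(value, max_rounds=5):
    """True if any path segment is '..' after repeated percent-decoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in re.split(r"[\\/]+", value)

def suspicious_params(request_target):
    """Return sorted watched parameter names whose value contains traversal."""
    hits = set()
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in WATCHED_PARAMS and has_traversal(value):
            hits.add(name.lower())
    return sorted(hits)

def scan(log_lines):
    """Return [(line_number, params)] for access-log lines worth reviewing."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        params = suspicious_params(match.group(1)) if match else []
        if params:
            findings.append((number, params))
    return findings

# Constructed sample lines in combined log format (not real traffic). The
# "/upload" path and "sid" in the query string are assumptions for illustration.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Nov/2019:10:00:01 +0000] "GET /?op=page&tmpl=terms HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Nov/2019:10:00:07 +0000] "GET /?op=page&tmpl=../../admin_settings HTTP/1.1" 200 9313',
    '203.0.113.9 - - [14/Nov/2019:10:00:12 +0000] "GET /?op=page&tmpl=..%2F..%2Fadmin_settings HTTP/1.1" 200 9313',
    '203.0.113.9 - - [14/Nov/2019:10:00:20 +0000] "POST /upload?sid=../../../../../../tmp HTTP/1.1" 200 311',
]

if __name__ == "__main__":
    for number, params in scan(SAMPLE_LOG):
        print(f"line {number}: traversal in {', '.join(params)}")
```

A 200 response on a flagged "tmpl" request is the case to prioritise, since it indicates the template outside the intended directory was actually served.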